diff options
Diffstat (limited to 'share')
| -rw-r--r-- | share/man/man9/suser.9 | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/share/man/man9/suser.9 b/share/man/man9/suser.9 index cb4dd6b..c8be714 100644 --- a/share/man/man9/suser.9 +++ b/share/man/man9/suser.9 @@ -62,8 +62,9 @@ circumstances dictate otherwise. The .Fn suser_cred function should be used when the credentials to be checked are -not the thread's own, when there is no thread, or when superuser -powers should be extended to imprisoned roots. +not the thread's own, when there is no thread, when superuser +powers should be extended to imprisoned roots, or when the credential +to be checked is the real user rather than the effective user. .Pp By default, a process does not command superuser powers if it has been imprisoned by the @@ -85,6 +86,17 @@ implicit in the .Xr jail 2 call should such powers be granted. .Pp +By default, the credential checked is the effective user. There are cases +where it is instead necessary to check the real user (for example, when +determining if resource limits should be applied), and this can be done +by passing the +.Dv SUSER_RUID +flag in the +.Fa flag +argument to the +.Fn suser_cred +function. +.Pp The .Fn suser and |
